The first paragraph suggests the order is for “targeted and personalised information”.
That would suggest that it's unlikely to be anonymised data collection; at best perhaps pseudonymous... and then you get into the questions about how easy it is to relate these ids to real identities. Let's hope Facebook stays out of the equation with their fr and c_user cookie fields.
The intentions may be well meaning (let's optimise services for businesses and people prior to significant changes).
However, we've recently had the Windrush scandal and Home Office hostile environment policy: there are over a million people in the UK who may have questions about their residence rights changing and wouldn't like to be tracked whilst they try to find answers.
If you enjoy researching and being creative, then maybe you can experiment with some online koans, watching tutorial videos, an online course or even coding competitions to get more exposure to how developers solve various types of problems differently. You might see some patterns that you understand and that help you develop.
I personally learned a lot about problem solving from trying different language paradigms: being forced to tackle things from a different direction - so you could try some ClojureScript or golang (if you want to give the backend a try).
If things still don't click, then there's various different roles in software projects, the bigger the product the more diverse the roles: you can probably search a job board for "software" and see what comes up if you want to stick in the industry and get an idea for what else there is to do.
In the EU this would breach the ePrivacy Directive - as there is neither consent nor information supplied in advance. Privacy is not just about information captured about you, but about privacy of what you have stored on your electronic devices.
2. If you then type "privacy" into the address bar, it loads https://www.google.com/search?q=privacy&ie=utf-8&oe=utf-8&cl... directing users into the most privacy invasive service on the internet with no advance warning. I now have a wealth of Google cookies from their search domain, but there are also cookies set for DoubleClick and Adservices.
I'm now enrolled into surveillance capitalism and all I did was open Firefox for the first time, type "privacy" and press enter.
Mozilla talk a lot about privacy, but their products and websites don't live up to the privacy standards we need and if anything they're on the wrong side of the fence when it comes to acting on privacy - they still make things worse and not better; although it has to be acknowledged that they have improved a lot with the tracking protection features that have slowly been making their way into Firefox.
1. Mozilla only enabled Google Analytics after signing a contract with Google that that data would not be fed into Google's models. There's no reason to believe Google would violate that legal agreement.
2. The Twitter thread you linked is by a Brave employee. It should be judged by the facts it shows, but is good context to keep in mind w.r.t. their presentation.
No I'm not. I'd imagine that a contract would be enforced by both parties respecting it, especially given that there's not that much to win for Google, and much to lose if, say, an employee would leak that it was being violated.
Let's see the contract and its term, if not hear from Google that it is in effect. Sorry, but reputable blockers block GA because it is now tied into Google's overall ads/data business and they say as much in touting it, in their privacy policy even with its carve-outs, and in others' experience with it.
For Mozilla to use GA instead of self-hosted Matomo is odd to me as a founder of mozilla.org (none are left at Mozilla now, FYI). We do the latter at Brave. Is it just for convenience?
No solution, but I think we'll never find one if debate, about problems with web privacy, suggests Mozilla is the answer - until they put into actions their words, they shouldn't be seen as the way to go.
Whilst I have reservations about Brave, from a privacy standpoint they appear to be more trustworthy and some of the actions they are involved with, like complaints to regulators are far beyond anything we've seen of Mozilla - sure they may have corporate motives, but right now they appear to align far better with consumer privacy.
There are forks of Firefox that are trying to improve on delivery of privacy
I am not wholly comfortable using Brave because of its dependency on Chromium, too much of a dependency on a single web rendering engine reminds me of IE days.
I would suggest to anyone, install them both and more, you might love browsing the web in emacs (someone must) - if you find a website that doesn't work on Firefox and you need Chrome, then why not use Brave instead?
Personally I'm trying both, I also bought a Librem Laptop so I have PureBrowser too and I'm not afraid to throw some of my money and inconvenience at products that are better at protecting my privacy: for techies we can all do this with relative ease. For non-techies, which is where we really need the sea of change (and who are unlikely to read this), then we can advise them towards Apple's products and make them aware of products like Brave so it can be their "backup" browser if not their first choice - not perfect, but I'd prefer my family to browse using Safari, Firefox (with privacy settings I have to sit down and sort out for them) or Brave; than Chrome.
> Whilst I have reservations about Brave, from a privacy standpoint they appear to be more trustworthy and some of the actions they are involved with, like complaints to regulators are far beyond anything we've seen of Mozilla - sure they may have corporate motives, but right now they appear to align far better with consumer privacy.
There's a lot for me to think about in your post, and most of it I agree with, but I wanted to comment on this bit. While I agree that Firefox has made some very problematic decisions over the years, Brave is far worse in my opinion. My biggest 3 objections are here:
It looks like my post fell off the front page, so the hashtag link doesn't work. :/ Copy-pasting my comment here:
Looking into this only briefly, it didn't take long to find a lot of very questionable decisions made by Brave:
1. They're positioning themselves as both an advertiser and a privacy advocate[1], which strikes me as more of a strategy for bootstrapping revenue than a trustworthy moral position. The entire point of crypto micropayments is to pay for content with crypto rather than attention/privacy. Why should I view Brave's ads rather than the other ads on the internet from advertisers who also claim their ads respect privacy? The fact that Brave has decided to get into bed with advertisers at all shows they're committed to profit, not to users: micropayments are just a way to diversify for Brave, which will quickly fall to the wayside if it fails to provide the revenue they want.
2. The entire concept of a Brave Verified Publisher stinks. It positions Brave as a censor. If this system takes off, then suddenly Brave has control over who gets paid for content on the internet, and can censor content they don't like. And this isn't hypothetical, they plan to do this: their TOS[2] explicitly contains a code of conduct which contains a long list of things they will terminate your account for: they promise to use their power as censors to enforce US copyright/patent law and also a wide variety of subjective social norms. This also shows their commitment to being an advertiser rather than an application that serves users: if you're serving users then you let them pay for the content they want to pay for, but if you're serving advertisers, then you can't let advertisers' brands be seen as supporting questionable content.
3. BAT based in Ethereum seems to be basically a way to ride the wave of cryptocurrency hype while still positioning themselves as a central authority/middleman. If they weren't trying to position themselves as a middleman, they would just make the micropayments in Ether directly, or better yet, in a cryptocurrency that doesn't have a history of forking the blockchain to fix a bug in a major user's contract[3]. If they weren't trying to ride cryptocurrency hype, they'd just allow micropayments via a much-simpler-and-more-reliable REST API or similar since they're already the central authority anyway.
I don't think we can trust Brave with our privacy or attention. I don't think we can trust Brave with the decision of who gets paid for content. I don't think we need Brave as a middleman to pay content publishers. I don't like the state of how content is paid for on the internet, but I don't think Brave is the solution.
It's disappointing to me that Wikipedia has decided to associate their name with Brave's. A big part of why I respect Wikipedia is their long-standing policy of keeping independent from advertisers, and it seems naive of them to have not realized that Brave is an advertiser. I can understand why Wikipedia has made this decision, but I still think it is a compromise of Wikipedia's values, and I hope they'll reverse their decision in the future.
1. Ad spend last year was over $100M in the US alone, ~$300M globally. Heading toward $1T globally. Users subscribing or paying out of goodwill won't cover this if we block it all and corner the market. We are doing anonymous and private ads (also donations and subscriptions, note well), no conflict with user in data or revenue share. Read my comments here, e.g., https://news.ycombinator.com/item?id=20841558. For you to claim a conflict, you have to show we make more than the user, cheat the user, or somehow steal or leak data to our advantage.
2. We are in the middle phase of a multiyear roadmap, where the last phase will distribute domain verification to many oracles, if we can't bake it into validators on-chain. If you know of an existing blockchain solution, please lay it on us. Also for handling OFAC and other KYC regulations (where we use Uphold today). We cannot intermediate ad revshares, and no blockchain today can either. We do not censor, our test for domain ownership or channel control is objective. If you think we won't get on to phase 3 of our roadmap, fine -- but don't use your speculations as if they were facts.
3. Here is a chart from end of 2017 showing relative volatility. BAT was 2nd least volatile above USDT, we beat Bitcoin and Ether. But we also have other advantages via BAT, including our user growth pool. If you discount that then you are arguing we should find a billionaire to replace it with Ether out of the grace of his or her charity. Who might that person be? Your argument here is cheap unless it's you.
I don't find these to be objections based on reason so much as misunderstandings or hostile speculations that we will fail. You aren't required to agree with us, we're not imposing any system on you. If you don't like BAT, just use Brave with its default settings. If you don't like Brave, there are lots of other browsers. If you have rational arguments against any bug or design flaw in our intentional work to replace surveillance with privacy tech for donating and advertising, I'm all ears.
1. If you're saying that it's impossible to make money without accepting money from funders whose motivations conflict with users', that just means that a for-profit organization is not the way to build a browser that serves users.
A "conflict of interest" doesn't necessarily imply that you've done anything wrong yet, it merely says that the incentives are strongly in favor of you doing something wrong. In my experience, that means that when the cards are on the table you will do the wrong thing, not because you're a bad person or anything, but because you don't want to give up your funding and business.
It may just be that making a lot of money and serving users are fundamentally incompatible. And anyone who actually wants to prioritize serving users over making a lot of money needs to at least be open to that possibility. I really hope they aren't incompatible, for both your sake and mine--I'd like to be rich as much as anyone.
2. This is a non-reason. Domain ownership is already verified by certificate authorities, and there's no reason anyone should trust your centralized authority more than CAs centralized authority. In the very best case, where you do exactly what you're claiming you're going to do and allow other oracles, you've pointlessly reinvented CAs. But you haven't gotten there yet, so right now it just looks like you've created a CA system where you're the only CA, which is objectively worse.
If you want a blockchain solution, fixing the bugs in Namecoin[1] would be a start, although admittedly that technology has yet to play out in practice. It's possible a similar system could be implemented on top of BAT. The difficulty here is that you'd be reinventing the DNS system in tandem.
Let's be clear here, your TOS says you can censor people based on subjective criteria.[2] So if you claim "we do not censor", why don't you say that where it's legally binding?
3. So if you're arguing volatility is the issue, why didn't you just use USD? If you needed funding--again, that's your problem, not one users care about. You don't get a free pass on technology decisions that harm users just because they helped you get funding.
I am genuinely sad that corporations have proven themselves untrustworthy so many times that I can't trust you. As I've said elsewhere, you seem like a decent person with good intentions.
[2] "As a condition of use, you promise not to use the Service for any purpose that is prohibited by the Terms of Use. For purposes of the Terms of Use, the term “Content” includes, without limitation, any information, data, text, photographs, videos, software, scripts, graphics, and interactive features generated, provided, or otherwise made accessible on or through the Service. By way of example, and not as a limitation, you shall not (and shall not permit any third party to) take any action (including contributing any Content) that: would constitute a violation of any applicable law, rule or regulation; infringes any intellectual property or other right of any other person or entity; is threatening, abusive, harassing, defamatory, libelous, deceptive, fraudulent, invasive of another’s privacy, tortious, obscene, offensive, or profane; constitutes unauthorized or unsolicited advertising, junk or bulk e-mail; contains software viruses or any other similar computer codes, files, or programs; or impersonates any person or entity." -- quoted from https://brave.com/terms-of-use/ , note that later it says, "Brave may terminate your access to all or any part of the Service at any time if you fail to comply with these Terms of Use, which may result in the forfeiture and destruction of all information associated with your account."
I will be brief, as replies growing ever longer is a bad condition. Also I do not want to argue about imponderables.
I’m aware of Namecoin, whose Wikipedia page says
“A 2015 study found that of the 120,000 domain names registered on Namecoin, only 28 were in use.[12]
Onename co-founder Muneeb Ali on 12 September 2015 at the Blockstack Summit 2015 stated that the Namecoin network is not decentralized and the mining group Discus Fish controls 60-70% of its hashing power.”
I was at the 2015 Blockstack Summit and can vouch.
I already noted we will distribute if not decentralize publishers verification. Namecoin can’t do YouTube or other UGC accounts, as we do. Handshake might pan out for domains, we are in touch. In our current Gemini phase we have to comply with laws, but we won’t kick out or unverify a site or channel based on legal content it hosts. Our rep would be trashed if we did.
This may be where we part company. I’m well aware of conflicts of interest and the difference between intentions and outcomes from Mozilla and prior experience. Brave nevertheless has put its reputation at stake, with open source and incremental work to decentralize as much as possible. We may fail for lots of reasons, but going bad and trying to steal from our users is highly unlikely. It would be quickly defeated. This is by design.
We were never really likely to reach any agreement, so I'm fine with parting ways as amicably as is possible given that we disagree so fundamentally. I really do wish you the best; I hope I'm wrong and that you succeed in a way that's good for users.
Safari/DDG user here. Presumably Firefox could load the search results into a container that throws away all the cookies after the search is done. Doesn’t it work like that for FB?
Presumably, the real problem is that this would be against Google’s terms of the agreement between Google and moz, but - at least technically - there is no reason to throw away access to Google if that’s seen to be a desirable default.
Of course - I’m guessing that google is gonna add its own tracking variables to URLs, so any search result returned by google really is going to be suspect regardless of what we do.
Honestly typing "privacy" into a UI that is designed to act as a search field for Google, and blaming that on Mozilla somehow, that's a stretch. What's next? Typing "which company faked the moon landing" and WOW you're redirected to Google! It must have been them.
It's nothing but opinionated. You can't honestly call this a "fact" and go on to claim that HN is hypocritical. That's... is there a word for hypocrisy about hypocrisy?
(The first point made is not even that bad, it's just that quagmire following it which dilutes the whole thing)
If Mozilla wanted to respect privacy the "UI that is designed to act as a search field for Google" could be a "UI that is designed to act as a search field for DuckDuckGo", it wasn't that long ago it was a search field for Yahoo. What's notable here is that Google is the default and in doing so is endorsed and recommended by Mozilla for its users.
So the fact here is that Mozilla made that choice to be in bed with Google.
Maybe think about it another way. Imagine Greenpeace defaulted to offering to book supporters private planes to get to every protest. It is this nature of extreme distance from organisational values that Mozilla is expressing when it defaults to Google search.
Brave defaults to Google in most countries, but we get paid $0 for it. We also disable auto-suggestions based on key by key tracking to Google as you type your search term, leaving it as an option some users choose to enable.
This isn't that hard (except for doing without the big bucks, which is hard: Brave is building up small revenue to large, not profitable yet -- again, we pay the user >= what we make, 70% of gross revenue for user-private ads, 15% for publisher partnered ads [not yet launched]).
I'm saddened that Google is the default. I hope Brave asks users in the future, but understand there are probably a few different goals being juggled whilst Brave grows.
I think that ship has pretty much sailed, but in either case that has nothing to do with Firefox's decision. If they wanted to use Google, for whatever reason, they could do so while supporting user privacy by piping it through e.g. Startpage.
I won't violate any NDA still binding me to Mozilla by agreeing that the default search deal in Mozilla is and historically has been done for funding the company. If they wanted to switch, they could -- but it would hurt financially, big time. That could imperil the project as a whole. It would definitely limit salaries at the top.
You've been downvoted, but your words deserve a reply. Profit motive does not go away in a "non-profit" (Mozilla Corp is the for-profit subsidiary of Mozilla Foundation; top salary last seen [2017] was $2.3M+). It takes innumeracy or worse to miss that Mozilla depends for its profits (to pay such salaries and bonuses) mainly on the Google search deal.
In my opinion, this conflict of interest between users and Mozilla's search revenue share held back tracking protection in Firefox over the years.
Meanwhile Brave has a transparent rate card, where we pay the user 70% of the gross revenue for user-private ads, and 15% for publisher ads (not yet deployed; the publisher makes 70% and we take same as the user). So we get <= what users get, and will fail if our users don't like the private/anonymous ad model enough to opt in at sufficient scale that we can cover our costs.
Good luck pressuring Mozilla to cut its top exec's pay from seven figures. Your words are empty.
When you explain how adtech tracking works, with examples, to organisations that have a moral and regulatory need to protect privacy, in some of the most sensitive situations, it is possible to get them to remove ad tech without too much effort.
This has been a mixed success as a privacy complaint and I hope the regulator (ICO) steps in to make sure similar organisations remove ad tracking where there are vulnerable users.
Childline was copied in many countries, you might want to check your national online service.
You can achieve similar benefits of verification with PGP and similarly rich object level encryption.
Be careful of gotchas in how PGP or similar work, if you choose it (notably what is or isn't plaintext).
Object level encryption typically allows for better separation of concerns as it does not bottleneck to a unique domain:port to separate encryption contexts. It also eases separation of public facing encryption risks from private internal ones.
If a public server is breached, all HTTPS traffic can be read, but if it proxies a more secure, perhaps simpler application environment (perhaps a microservice for the specific functionality), then that application environment is not affected by vulnerabilities in unrelated public facing features (like a backup microservice might not care about how to render HTML/JavaScript, so wouldn't be vulnerable to common web XSS attacks).
It allows other benefits like:
- it facilitates that only the user can decrypt data being sent (good for backups)
- intermediate services to load balance and block DOS don't have to be exposed to the plaintext data, only the necessary service that needs it
- many to many encrypted messages over one connection (TLS is many to 1 decrypting endpoints)
- intermediate caching and redelivery of messages can be done with ease
- similarly verification of the data with signatures reduces risk of data corruption being missed that may happen during transport.
- you don't have to depend on the Certificate Authority model (which is questionably secure given the history of revoked CAs), you can use your own trust store or your own web of trust that could be shared with appropriate third parties or the whole web.
- if others can think of more, please suggest them
The encryption can just be used for verification (signatures) and this is very valuable for trusted content distribution, especially if you want to scale it using third parties.
Because of these properties PGP or similar object encryption technologies often play a part in secure forms of backups, email, instant messaging, software repositories and handling sensitive data in more regulated industries (health, finance, etc).
Arguably, both TLS and object level encryption together are worth doing, as object level encryption may sometimes make it more obvious who the sender and target identities are and this metadata may in itself be of a concern to leak.
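The verification-only use described above (signatures checked against your own trust store while untrusted intermediaries cache and redeliver the object) can be sketched as follows. This is an added example, not code from the thread: Ed25519 from Node's built-in `crypto` module stands in for PGP, and the identities, envelope fields and message bodies are constructed. The `from` and `to` fields travel in plaintext, which is the metadata exposure that TLS on top would cover.

```javascript
// Added example: object-level signatures checked against a local trust store.
// Ed25519 via Node's crypto stands in for PGP; all names and messages are constructed.
const crypto = require('node:crypto');

function makeIdentity(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { name, publicKey, privateKey };
}

// Bytes covered by the signature. Sender and recipient are included so the
// plaintext envelope metadata cannot be swapped without breaking verification.
function canonicalBytes(envelope) {
  return Buffer.from(JSON.stringify([envelope.from, envelope.to, envelope.body]), 'utf8');
}

function signObject(identity, to, body) {
  const envelope = { from: identity.name, to, body };
  const sig = crypto.sign(null, canonicalBytes(envelope), identity.privateKey);
  return { ...envelope, sig: sig.toString('base64') };
}

// trustStore maps a sender name to the public key the recipient chose to trust.
// No certificate authority is consulted.
function verifyObject(trustStore, envelope) {
  const key = trustStore.get(envelope.from);
  if (!key) return { ok: false, reason: 'unknown sender' };
  if (typeof envelope.sig !== 'string') return { ok: false, reason: 'missing signature' };
  const sig = Buffer.from(envelope.sig, 'base64');
  const ok = crypto.verify(null, canonicalBytes(envelope), key, sig);
  return ok ? { ok: true, reason: 'verified' } : { ok: false, reason: 'bad signature' };
}

// An untrusted cache or load balancer: stores the serialized object and redelivers it.
// The optional mutate hook models a compromised or faulty intermediary.
function relay(envelope, mutate) {
  const stored = JSON.parse(JSON.stringify(envelope));
  return mutate ? mutate(stored) : stored;
}

function demo() {
  const alice = makeIdentity('alice');
  const mallory = makeIdentity('mallory');
  const trustStore = new Map([['alice', alice.publicKey]]);
  const original = signObject(alice, 'bob', 'backup-chunk-0001');
  const fromMallory = signObject(mallory, 'bob', 'backup-chunk-0001');
  return {
    // Cached and redelivered unchanged: still verifies.
    intact: verifyObject(trustStore, relay(original)),
    // Body changed in transit (attack or corruption): rejected.
    altered: verifyObject(trustStore, relay(original, (e) => ({ ...e, body: 'backup-chunk-9999' }))),
    // Recipient metadata rewritten by the intermediary: rejected.
    redirected: verifyObject(trustStore, relay(original, (e) => ({ ...e, to: 'carol' }))),
    // Signed by an untrusted key but labelled as alice: rejected.
    impersonated: verifyObject(trustStore, { ...fromMallory, from: 'alice' }),
    // Correctly signed, but the sender is not in the trust store: rejected.
    stranger: verifyObject(trustStore, fromMallory),
  };
}

console.log(demo());
```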
Brave decided to protect users by default from privacy concerns, it may not be perfect, I'm going to give it a go and see.
Firefox offers various privacy features (check about:config), but they're opt-in and typically have a bar to entry for users to be willing to change settings and know what they will do.
Mozilla might claim to care about privacy, but by not clamping down on third party content and referers, it left most of its userbase in the position of having their privacy invaded by default when using their product. If you care about privacy you fix that, they didn't.
I support the motive, but it appears to have been hijacked to include companies that don't protect privacy.
Happy to amend this response if creator finds a way to moderate it, but for instance MixPanel stole usernames and passwords earlier this year so definitely shouldn't be on this kind of list https://techcrunch.com/2018/02/05/mixpanel-passwords/
I don't appear to have an edit option, I thought comments could be edited.
Thanks for removing MixPanel, I think centralised analytics are by default going to breach privacy as you only need a referer and an IP address to have enough data to put someone's privacy at risk.
Also, third party JavaScript (not protected by code review and SRI) is an access control issue and can violate privacy at anytime as shown by instances of credit card theft and cryptomining this year.
Simply Analytics lies about not being a GDPR concern (which requires consideration for access control and security (loading third party JavaScript)), and under GDPR an IP address can be considered an identifier.
Authy doesn't delete user accounts, despite claiming to do so upon request in their privacy policy.
"Why do you refuse to delete accounts? It is my data and I want it to be removed. How can I feel safe about my data if I cannot remove it if I choose not to continue using your service."
"Your personal information is generally stored until you advise us to close your Authy account and delete your records, and activity logs may be stored for up to a year for security purposes, or, if there is an ongoing investigation, until that matter is concluded."
I haven't done due diligence and checked each one, so maybe I'm being overly pessimistic, but some choice entries that I very seriously doubt don't track you: Dailymotion, Wordpress, Dropbox, Skyscanner, Here.com... I could go on. Mapbox for example definitely track you, but do provide an opt-out in their API, so some would describe that as "more" privacy friendly. Others may do similar.
This seems more like a list of alternatives to Google (which is still incredibly valuable), rather than a list of privacy-friendly alternatives.
That's still great though: I'm still happier to have some choice in who tracks me even if all alternatives do.
Except, by default their primary product was the interface by which many of their users got targeted. They've sat on their hands on privacy for years, offering features for the informed minority, not protecting the majority of their users. It's been Safari and Brave that have started to show proper leadership in protecting users.
Recent attempts I've been making to help teach web developers about the dangers of referers, before they add more tracking pixels or leak reset password links get deleted by Mozilla technical writers because
"We don't think it's appropriate to have a red warning banner at the tops of the pages. That kind of design element is one we try to avoid on MDN unless it's highlighting the very first thing you need to know about the item, which we don't think it is in this case, although we do appreciate that it is important."
Great idea, let's leave the wet floor warning as a note at the end of the corridor.
I'm a Mozillian who worked on MDN for 5 years, and now work on Firefox Privacy & Security. Most relevantly, I wrote the patch that implements strict-origin-when-cross-origin Referrer policy in Private Browsing Mode.
I certainly trust the MDN team to understand how to arrange their content to match their audience.
I also believe web developers should be more informed about the privacy & security issues of their work. The content you tried to add was verbose without any technical detail or links, and the MDN revision history isn't a great space for content discussion.
Have you tried filing a content bug? It's much easier to converse on bugzilla than thru edit battles.
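To make the referer concern in this exchange concrete, here is what a third-party request from a password-reset page would carry under each Referrer-Policy value, including the `strict-origin-when-cross-origin` policy mentioned above. This is an added example, not code from either commenter or from Firefox: the URLs and token are constructed, and "potentially trustworthy" is simplified to the `https:` scheme.

```javascript
// Added example: which Referer value a browser sends under each Referrer-Policy.
// Simplification (assumption): "potentially trustworthy" is reduced to the https: scheme.
const POLICIES = [
  'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin',
  'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin',
  'unsafe-url',
];

// Returns the Referer header value, or null when no Referer is sent.
function referrerFor(policy, pageUrl, requestUrl) {
  const page = new URL(pageUrl);
  const target = new URL(requestUrl);
  const sameOrigin = page.origin === target.origin;
  const downgrade = page.protocol === 'https:' && target.protocol !== 'https:';
  const originOnly = page.origin + '/';
  // Full referrer: credentials and fragment are always stripped; path and query are kept.
  page.username = '';
  page.password = '';
  page.hash = '';
  const full = page.href;

  switch (policy) {
    case 'no-referrer': return null;
    case 'unsafe-url': return full;
    case 'origin': return originOnly;
    case 'same-origin': return sameOrigin ? full : null;
    case 'strict-origin': return downgrade ? null : originOnly;
    case 'origin-when-cross-origin': return sameOrigin ? full : originOnly;
    case 'no-referrer-when-downgrade': return downgrade ? null : full;
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    default:
      throw new Error('unknown referrer policy: ' + policy);
  }
}

// Policies under which the page's query string (for example a reset token)
// reaches the host serving requestUrl.
function policiesLeakingQuery(pageUrl, requestUrl) {
  const query = new URL(pageUrl).search;
  if (query === '') return [];
  return POLICIES.filter((policy) => {
    const sent = referrerFor(policy, pageUrl, requestUrl);
    return sent !== null && sent.includes(query);
  });
}

// Constructed sample: a reset page that embeds a third-party tracking pixel.
const RESET_PAGE = 'https://shop.example/reset?token=CONSTRUCTED-TOKEN-123#form';
const PIXEL = 'https://tracker.example/p.gif';

for (const policy of POLICIES) {
  console.log(policy.padEnd(34), referrerFor(policy, RESET_PAGE, PIXEL));
}
console.log('leaks token to third party:', policiesLeakingQuery(RESET_PAGE, PIXEL));
```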